<?php

session_start();

if (!(isset($_SESSION['login']) && $_SESSION['login'] != '')) {

    header("Location: login.php");
}
include 'i_functions.php';
//
$_SESSION['DataType'] = "";
$_SESSION['Trace'] = "";
//
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    $pcode = $_POST['postcode'];
    $sname = $_POST['surname'];

    $pcode = htmlspecialchars($pcode);
    $sname = htmlspecialchars($sname);

    //==========================================
    //	CONNECT TO THE LOCAL DATABASE
    //==========================================
    $user_name = "root";
    $pass_word = "haddons";
    $database = "PPI";
    $server = "127.0.0.1";

    $db_handle = mysql_connect($server, $user_name, $pass_word);
    $db_found = mysql_select_db($database, $db_handle);

    if ($db_found) {

        $q_pcode = quote_smart($pcode . "%", $db_handle);
        $q_sname = quote_smart($sname . "%", $db_handle);
        $SQL = "SELECT * FROM client WHERE Postcode LIKE $q_pcode";
        if ($sname) {
            $SQL = $SQL . " AND Surname LIKE $q_sname";
        }
        $result = mysql_query($SQL);
        $num_rows = mysql_num_rows($result);

        //====================================================
        //	CHECK TO SEE IF THE $result VARIABLE IS TRUE
        //====================================================

        if ($result) {
            include 'i_head.php';
            print "<p><table id=\"form\" align=\"center\" cellspacing=\"4\"cellpadding=\"2\">";
            if ($num_rows > 0) {
                while ($db_field = mysql_fetch_assoc($result)) {
                    $pline = "<tr><td><A href=\"./ClientEnq.php?ClientID=" . $db_field['ID'] . "\">" . $db_field['ID'] . "</A></td>";
                    $pline = $pline . "<td>" . $db_field['FirstNames'] . " " . $db_field['Surname'] . "</td>";
                    $pline = $pline . "<td>" . $db_field['House'] . " " . $db_field['Street'];
                    if ($db_field['Town']) {
                        $pline = $pline . ", " . $db_field['Town'];
                    }
                    if ($db_field['County']) {
                        $pline = $pline . ", " . $db_field['County'];
                    }
                    $pline = $pline . "</td>";
                    $pline = $pline . "<td>" . $db_field['Postcode'] . "</td></tr>";
                    print $pline;
                }
            } else {
                $message = "<tr><td>no matches!</td></tr>";
                print $message;
                //session_start();
                //$_SESSION['login'] = "";
                //header("Location: signup.php");
            }
            $pline = "<tr><td colspan=\"4\"><A href=\"./NewClient.php\"><b>+</b></A></td></tr>";
            print $pline;
            print "</table>";
            include 'i_foot.html';
        } else {
            $errorMessage = "Error logging on";
        }

        mysql_close($db_handle);
    } else {
        $errorMessage = "Error logging on";
    }
} else {

    include 'i_head.php';
    include 'i_ClientSearch.html';
    include 'i_foot.html';
}
?>